File Share Encryption

I'm running PGP Universal 3.2/PGP Desktop 10.2 build 1672. I'm trying to use RSA SID800 token for pre-boot authentication. I've gone through the deployment steps documented in how to HOWTO42022 and PDFs available from RSA. I generated a new key, stored it on the RSA token, then encrypted the whole disk using that key. However the Pre-boot authentication with the RSA pin for the token fails with "incorrect authentication, please try again". Same pin works in the PGP desktop when I unlock the disk to add/remove users so the RSA SID800 authentication seems to work in the windows / pgp desktop but not in bootguard. I've tried the CTL-ENTER and CTL-R as some articles suggested. Static passphrase auth works correctly, issue is only with token based auth.

The RSA token is brand new. The token firmware is 3.1. I'm using RSA Authentication client 3.5.4. Laptop hardware is Dell E6420, OS is Win XP SP3. Same thing happens on other hardware as well.

Any ideas?

Hello sonicrelay,

I've got the identical problem allthough I am using an eToken Pro 64k. In Windows 7 everything is fine. During preboot the token is not recognized. I guess that accessing the USB ports during preboot fails. However I have no idea why, because usb-stick are well recognized ....

Cheers TheLastUnicorn

Might this from the PGP 10.2 Release Notes apply to your situation?

RSA SecurID SID800: The RSA SecurID SID800 only supports SHA-1. When generating a key on the RSA
SecurID SID800, modify the key properties by clicking the Advanced button, and under Hashes select only
SHA-1. If a key has already been generated, get the Key Properties, edit the set of supported Hashes, and
select only SHA-1.

Tom,

Long time no talk.  The release notes are wrong.  I have an admin token that works fine with RSA 1024 and SHA-2 256 on an RSA 800 B Series token.  I'm still trying to dig deeper but we have people with D Series SID 800 tokens that are getting the same error.  In my test I am on an HP machine and not a Dell E series with an i Processor (I am about to test this)  everything works (10.2.0).  When we test on an E Series with 10.1.2 SP2 we get the invalid authentication.  I'll post an update and I'm working to get a ticket open with Platinum Support regarding this now.

Eric
ex-PGPer (2004-2010)

The eToken Pro 64k has a bug report filed for this currently since our release notes claim support. But apparently there is a new revision of this eToken that does not work with PGP.

Maybe this sounds stupid, but I'm going to go ahead and state this anyways. Since the forum post is not clear on whether this was checked or not. But with the problem using the RSA 800 B series tokens. Have you made sure that the most updated driver for the rSA device is installed?  Also, did you try using the PGP Options found in the PGP Desktop UI under Tools --> Options then the Keys tab.  Select the third option down that says "Synchronize keyring with tokens and smartcards" and switch it from Automatically to "from RSA" or select "Other" and manually point it to the dll driver that is installed for that eToken?